Security Alerts and Updates

  Susan Bradley’s Master Patch List  (Windows)
•  AskWoody Newsletters and Alerts
  Latest Security Updates for Apple Software

April, 2019  (Click listings for more information) .
20  Patch Lady – .NET changes.
19  Google will block sign-ins from embedded browser frameworks.
19  McAfee antivirus also affected by the April patch for Windows 7.
18  Attack affects half a billion Apple iOS users via Chrome bug.
18  Facebook admits to storing plaintext passwords of Instagram users.
18  Some internet outages predicted for the coming month.
18  Here’s an easier way to block the IE XXE zero day.
18  Facebook admits to uploading email contacts of 1.5 million users.
17  Multiple vulnerabilities in Broadcom WiFi chipset drivers.
17  Internet Explorer browser flaw threatens all Windows users.
16  Malvertising Campaign used Chrome to hijack iOS user sessions.
16  Scranos rootkit expands operations to the rest of the world.
16  Win7/8.1/Server patch conflicts abated, somewhat.
15  Adblock Plus, AdBlock, & uBlocker filters can be exploited.
15  Mobile VPNs promoted by ‘You are infected’ or ‘Hacked’ ads.
15  A hacker has dumped nearly one billion user records.
15  Patched Windows 0-day provided full control over systems.
15  70 percent of attacks now target Office vulnerabilities.
13  The Nasty List phishing scam is sweeping through Instagram.
13  Microsoft discloses security breach of some Outlook accounts.
13  Samsung issues a security update for the Galaxy S10 & S10+.
13  RobbinHood Ransomware claims it’s protecting your privacy.
12  Patch Lady – so I don’t get it.
12  The Week in Ransomware – Targeting Reveton, & more.
12  NoScript extension officially released for Google Chrome.
12  IE zero-day lets hackers steal files from Windows PCs.
12  April 2019 Windows patches wreaked havoc on many PCs.
11  Companies are listening to what you say to their assistants.
11  Microsoft’s April 2019 Updates are causing Windows to freeze.
11  Two out of three hotels leak your sensitive data.
10  Dragonblood vulnerabilities disclosed in WiFi WPA3 standard.
10  Android devices can now be used as a security key via Bluetooth.
10  Reports of freezing with Win7 and Win8.1 monthly rollups.
09  Patch Tuesday comes with fixes for two Windows zero-days.
09  Cars were left exposed to thieves due to a hardcoded password.
09  AeroGrow discloses data breach by card skimming malware.
09  Cybercrime market selling full digital fingerprints of users.
09  April Patch Tuesday Windows and Office patches are out.
09  Microsoft admits nobody has the time to ‘safely remove’ USBs.
08  Mozilla will start showing vetted Firefox extensions this summer.
08  The Google features that Microsoft turned off in Chromium Edge.
08  Patch Tuesday’s coming, so lock down automatic updates.
06  Major browsers to prevent disabling of click tracking.
06  AI chatbot helps people find info on scams and frauds.
05  The Week in Ransomware – Pacman Wakka Wakka.
05  DoS vulnerability allows attacks on some MikroTik routers.
05  Surface Pro (2017) and Surface Pro 6 get firmware updates.
05  Cybercrime market with 385,000 members found on Facebook.
05  Beware of calls saying your Social Security number is suspended.
04  New update options for Win10 1903 explained.
04  Reports of bluescreen after installing Win10 1809’s KB 4490481.
03  Financial mobile apps fail to follow security standards.
03  Over 540 million Facebook records exposed on servers.
03  Credit card info skimming scripts infect websites.
02  Verizon customers targeted in phishing campaigns.
02  Google’s social network, Google+, shuts down today.
02  April 2019 non-Security Office Updates are available.
02  Cumulative update for Windows 10 version 1809 released.
02  It’s time to install the March Windows and Office patches.
01  Google fixes two critical Android vulnerabilities.
01  Microsoft Patch Alert: Most March patches look good.
01  Notepad++ adds GPG signature to verify authenticity.

March, 2019  (Click listings for more information) .
31  Popup enlarges so users click on ads instead of ‘Close’ button.
30  Google details Android security with its ‘Year in Review’ report.
29  The Week in Ransomware – Parking for Free!
29  MAC addresses targeted by the ASUS attack now available.
29  VMware fixes vulnerabilities in ESXi, Workstation & Fusion.
29  Toyota breach exposes personal info of 3.1 million clients.
29  IoT attacks escalating with a 217.5% increase in volume.
29  Buca di Beppo parent firm admits breach of credit & debit card info.
28  TP-Link’s SR20 Smart Home Router is impacted by a zero-day.
28  Windows 10 version 1809 is now in broad deployment & available.
28  Android malware targets 100+ banking & 32 cryptocurrency apps.
28  Ransomware locks files in protected archives, demands gift cards.
27  Office Depot pays millions to settle deceptive tech support lawsuit.
27  Firefox 66.0.2 released with fixes for Windows 10, Office 365 issues.
26  NVIDIA patches high severity GeForce Experience vulnerability.
26  UC Browser for Android, desktop exposes users to MiTM attacks.
26  ASUS admits its Live Update utility was backdoored by APT group.
25  Skype Experiencing Global Instant Messaging Delays.
25  Security vulnerabilities fixed in Thunderbird 60.6.1.
25  Apple Releases Multiple Security Updates.
25  Emsisoft has released a decryptor for the Hacked Ransomware.
25  ASUS Live Update infected with backdoor in supply chain attack.
23  Researchers find 36 new security flaws in LTE protocol.
22  The Week in Ransomware – LockerGoga, and more.
22  Medtronic’s implantable defibrillators vulnerable to severe hacks.
22  FEMA data leak exposes personal info of 2.3M disaster survivors.
22  Mozilla Releases Security Updates for Firefox.
21  Fake CDC emails warning of flu pandemic push ransomware.
21  Facebook stored millions of user passwords in plain text for years.
21  KB4493132 update alerts Windows 7 users of end of support date.
20  Payment card thieves slip into MyPillow and AmeriSleep sites.
20  Opera’s Android app will now come with a built-in VPN.
20  Patch Lady – downloading the 1809 iso.
19  Netflix and AMEX customers targeted by phishing campaigns.
19  Firefox 66 arrives with features to cut down on web annoyances.
19  Feb Cumulative update for Win10 v1803 causing BSODs.
19  Microsoft updates Windows 10 versions 1803, 1709, 1703, & 1607.
19  Microsoft Antimalware crashing on Windows 7 & 8.
18  Google+ gives final warning to backup data before it’s deleted.
18  AMD says SPOILER vulnerability does not impact its processors.
18  New Sextortion email uses CIA Investigation as scare tactic.
17  Why phone numbers stink as identity proof.
17  Just don’t use WinRAR, OK?
16  Spam warns about Boeing 737 Max crashes while pushing malware.
15  The Week in Ransomware – STOP, Decryptors, and More.
15  Fujitsu wireless keyboard vulnerable to keystroke injection attacks.
15  Over 100 exploits found for 19-year old WinRAR RCE bug.
15  New Zealand tragedy-related scams and malware campaigns.
14  Proof of concept code published for one of Windows 7 zero-days.
14  Intel fixes high severity vulnerabilities in graphics driver for Windows.
14  Resolve Windows 10 upgrade errors.
14  Malicious Javascript active on FILA UK and other websites.
13  New bug reported with all of this month’s Windows patches.
13  Microsoft updates its Win10 auto-uninstall feature announcement.
13  Facebook and Instagram down in Global Outage.
13  Adware found in 210 Android apps with over 150M installs.
13  Half of organisations have fallen victim to phishing in last two years.
12  Google Chrome 73 released with dark mode support on macOS.
12  Windows 7 gets SHA-2 support to enable future updates.
12  CCleaner Professional adds Software Updater feature.
12  Patch Tuesday: Here’s what’s new for Windows 7 & 8.1.
12  Patch Tuesday: Here’s what’s new for Windows 10.
12  Microsoft releases the March 2019 Updates for Office.
12  Patch Tuesday patches are starting to roll in.
12  Mozilla graduates Firefox Send, its private file sharing service.
12  Adobe releases security fixes for Photoshop CC & Digital Editions.
11  Windows 10 to automatically remove updates that cause problems.
11  Outdated medical IoT devices exposed to hacking.
11  Samsung Galaxy S10 face recognition can easily be bypassed.
11  Windows 10 version 1903 imminent, lock down Windows updates.
10  Ransomware installing password stealing Trojans on victims.
08  The Week in Ransomware – OpJerusalem, Jokeroo, and more.
08  1.8 million users attacked by Android banking malware.
08 Bypasses Credit Freeze PIN.
07  Google says upgrade to Windows 10 to fix Windows 7 zero-day bug.
07  Performance degradation in Windows 10 with KB4482887.
06  Unpatched UPnP-enabled devices left exposed to attacks.
06  Google Chrome update patches actively exploited zero-day.
06  Hackers revive Microsoft Office Equation Editor exploit.
06  Adware apps in Google Play simulate uninstall for persistence.
05  March non-security Office updates have been released.
04  Windows 10 IoT Core lets attackers take over devices.
04  WebAuthn becomes an official standard of authentication.
04  February’s patches look ripe, but look out for Win 8.1.
04  WES-NG lists known exploits for your Windows install.
03  Patch Lady – need a fix for JUST Access 95 issues?
03  Windows 10 update released with performance fix for Spectre bug.
03  Google reveals “high severity” flaw in macOS kernel.
01  The Week in Ransomware – Cr1ptT0r, B0r0nt0K, and More.
01  Microsoft releases Windows 10 build 17763.348 (version 1809).
01  Where we stand with the February patches.

February, 2019  (Click listings for more information) .
28  Microsoft announces new security features & more for Microsoft 365.
28  MageCart group evolves tactics to better steal your credit cards.
27 sports collectible site exposes payment info in attack.
27  Outlook & Microsoft account phishing emails use Azure Blob Storage.
27  Social media attacks generate $3.25 billion for crooks each year.
27  28 billion credential stuffing attempts during second half of 2018.
26  Google enhances Google Play Protect on Android, but is it enough?
26  Vulnerabilities allow attacks using Thunderbolt peripherals.
26  Malvertising attack sneaks JavaScript payload in polyglot images.
26  Intel releases v25.20.100.6577 DCH drivers for Windows 10.
25  Malspam exploits WinRAR ACE vulnerability to install a backdoor.
25  Smart homes at risk due to unpatched vulnerabilities, weak credentials.
25  NVIDIA patches GPU Display Driver for Windows, Linux.
22  How to identify, prevent and remove rootkits in Windows 10.
22  Update to Win10 1809 may cause loss of access to One Drive.
22  Tax returns exposed in TurboTax credential stuffing attacks.
22  Office 365 phishing page comes with live chat support.
22  19-Year Old WinRAR RCE Vulnerability Gets Micropatch.
22  Cr1ptT0r Ransomware Infects D-Link NAS Devices.
21  Password managers leaking data in memory.
21  Microsoft’s Surface Go gets a series of firmware updates.
21  Adobe patches critical information disclosure flaw in Reader, again.
21  New cumulative update for IE in Win7 & 8.1 fixes the backslash bug.
21  Mozilla Firefox 67 to warn about breached sites using new add-on.
20  Microsoft Edge secret whitelist allows Facebook to autorun Flash.
20  Attack kit combines Trojans and tools to spread miners, steal data.
19  Cards used at 137 restaurants exposed by point-of-sale breach.
19  Microsoft releases updates for Win10 versions 1803, 1709, & 1703.
19  GandCrab decrypter available for v5.1, new 5.2 variant already out.
18  Three known issues added to last week’s updates for Windows.
18  Rietspoof Malware drops multiple malicious payloads.
17  Third round of hacked databases up for sale on the Dark Web.
16  The Week in Ransomware – Attack on MSPs, and more.
16  Google changes stance on upcoming Chrome Manifest V3 changes.
15  18,000 Android apps track users by violating ID policies.
15  Cryptojacking Coinhive miners land on the Microsoft Store.
14  127 million stolen accounts up for sale on the dark web.
14  Security vulnerabilities fixed in Thunderbird 60.5.1.
14  Emotet uses camouflaged macros to avoid antivirus detection.
14  Mozilla adds persistent private browsing to Firefox for iOS.
13  Malware disables macOS Gatekeeper to run payloads.
13  OpenOffice zero-day flaw gets free micropatch.
13  Misc., minor problems with the Patch Tuesday patches.
13  Scarlet Widow gang entraps victims using romance scams.
12  Microsoft releases the February 2019 updates for Office.
12  Patch Tuesday patches start rolling out.
12  Adobe releases security fixes for Flash Player, & more.
12  Security vulnerabilities fixed in Firefox 65.0.1.
11  Patch lady – Make sure your 1099s are private.
11  Privacy flaw in macOS gives access to browsing history.
11  Microsoft states Windows Update DNS issues are finally fixed.
11  Adobe Reader zero-day micropatch available for malicious PDFs.
10  Facebook, Twitter trackers whitelisted by Brave Browser.
08  The Week in Ransomware – Shady Data Recovery Companies.
08  Microsoft: Watch out for zero days; deferred patches, not so much.
08  Apple patched two actively exploited zero-days in iOS 12.1.4.
07  New phishing attack uses Google Translate as camouflage.
07  Wells Fargo hit by nationwide outage, ATMs & online banking down.
07  Fix released for Group FaceTime Snooping Bug in iOS & macOS.
06  Google eliminates more spam from Gmail with TensorFlow.
06  Scammers are exploiting Gmail ‘dot accounts’ for online fraud.
06  macOS vulnerability allows access to passwords in the Keychain.
05  Microsoft issues the February 2019 Non-Security Office updates.
05  Microsoft: Windows Update problems were caused by DNS issues.
05  OpenOffice vulnerable to remote code execution, LibreOffice patched.
05  Google launches Chrome Password Checkup extension.
05  Firefox 65 rollout resumes after AVs disable HTTPS scanning.
04  Windows 10 Update continues having issues after DNS fixes.
04  Google begins rolling out Android security patch to Pixel devices.
04  Microsoft Authenticator App now delivers security notifications.
04  Windows 3.0 File Manager reborn in all its nostalgic glory.
03  Houzz Break-In: Data Breach Announced.
02  Sextortion scam states hacked Xvideos recorded you via webcam.
01  The Week in Ransomware – LockerGoga, MalSpam, & more.
01  Mozilla halts Firefox 65 rollout due to certificate errors.
01  Apple apologizes for FaceTime bug, fix coming next week.
01  NSA Releases Guidance on Side-Channel Vulnerabilities.
01  The January Windows and Office patches are good to go.